Your favorite infosec freebies

Recently, we conducted an informal, unscientific poll asking readers to tell us about their favorite free information security tools. And boy, did they ever respond.

Here are more than 20 of the most popular answers. Some (Nessus, Nmap, Metasploit) will be very familiar; others may surprise you.

Maltego

Paterva develops this open source intelligence and forensics app, designed to deliver a clear threat picture for the user's environment. It will demonstrate the complexity and severity of single points of failure as well as trust relationships that exist within the scope of one's infrastructure.

It pulls in information posted all over the Internet, whether it's the current configuration of a router on the edge of the company network or the current whereabouts of your company's vice president.

The commercial license does have a price tag, but a "community" version is free with some restrictions.

OWASP Zed Attack Proxy (ZAP)

ZAP is designed to be used by practitioners with a wide range of security experience and is ideal for developers and functional testers who are new to pen testing.

It provides automated scanners and a set of tools for those who wish to find vulnerabilities manually.

Samurai Web Testing Framework

The Samurai Web Testing Framework functions as a web pen-testing environment. It's actually a toolbox packed with some of the other items you'll see in this slideshow.

The CD contains a host of free and open source tools to test and attack websites.

Tools include the Fierce domain scanner and Maltego. For mapping it uses WebScarab and ratproxy. Discovery tools include w3af and Burp. For exploitation, the final stage, it includes BeEF, AJAXShell and others. The CD also includes a pre-configured wiki, set up to be the central information store during the user's pen-test.

BackTrack

BackTrack is a Linux-based pen-testing toolbox security professionals use to perform assessments in a purely native environment dedicated to hacking.

Users have easy access to a variety of tools ranging from port scanners to password crackers. Users can boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is an option.

It covers some security aspects/weaknesses present in protocol standards, authentication methods and caching mechanisms. Its main purpose is the simplified recovery of passwords and credentials from various sources. It also ships some "non-standard" utilities for Microsoft Windows users.

Fierce Domain Scan

According to the ha.ckers blog, Fierce Domain Scan "was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It's terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can miss huge chunks of networks."

Fierce is designed specifically to pinpoint likely targets inside and outside a corporate network. It is essentially a reconnaissance tool, a Perl script built to scan domains within minutes, using a variety of tactics.

The Harvester

The Harvester is an open source intelligence (OSINT) tool used to attain email addresses and user names from public sources such as Google and LinkedIn.

A favorite among pen testers, it lets the user conduct passive reconnaissance and build target profiles that include a list of user names and email addresses.

The Social Engineering Framework website says, "Emails and user names are similar to your real name. They can be used to identify you in the virtual world or in your workplace. They can lead to identifying your friends, your family, and your social groups."

John the Ripper

John the Ripper is a password cracker available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS.

It's mainly used to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

MobiSec

MobiSec allows users to test their mobile environments to identify design weaknesses and vulnerabilities.

Testers get access to a host of open-source mobile testing tools, as well as the ability to install additional tools and platforms. Using a live environment allows pen testers to boot the MobiSec Live Environment on any Intel-based system from a DVD or USB flash drive, or run the test environment within a virtual machine.

The MobiSec Live Environment is maintained as an open source project on SourceForge, located at http://sourceforge.net/p/mobisec, and can be downloaded as an ISO image.

Nessus

Nessus is one of the world's most popular vulnerability and configuration assessment tools. Though Tenable Network Security changed Nessus 3 to a proprietary license, it is free for personal use in non-enterprise environments.

Nmap

Nmap is an open source tool for network exploration and security auditing.

It's built to rapidly scan large networks, though it also works against single hosts. According to the Nmap website, the scanner uses raw IP packets to determine what hosts are available on the network, which services those hosts are offering, what operating systems they are running, what types of packet filters/firewalls are in use, and dozens of other characteristics.

"While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules and monitoring host or service uptime," the website says.

OpenVPN

OpenVPN is an open source SSL VPN tool that works in a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access controls.

According to the OpenVPN website, it's based on SSL, the industry standard for secure communications on the Internet.

"OpenVPN implements OSI layer 2 or 3 secure network extension using the SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface," the site says. "OpenVPN is not a web application proxy and does not operate through a web browser."

Ophcrack

Ophcrack is a free Windows password cracker based on rainbow tables. It comes with a graphical user interface and runs on multiple platforms, according to the specifications on the website.

Features include the following:

-- Cracks LM and NTLM hashes.

-- Free tables available for Windows XP and Vista/7.

-- Brute-force module for simple passwords.

-- Audit mode and CSV export.

-- Real-time graphs to analyze the passwords.

-- LiveCD available to simplify the cracking.

-- Dumps and loads hashes from encrypted SAM recovered from a Windows partition.

Python Security

This is more a community than a tool. Think of it as a human toolbox. Specifically, it's the home of the largest collection of information about security in the Python programming language.

OWASP says of the effort, "Our mission is to make Python the most secure programming language in the world, ensure hackers never break a Python-based application, and make security breaches a thing of the past."

The site is organized into two sections:

-- Security topics and how they relate to Python as a whole

-- The security of specific software such as frameworks and template engines

ModSecurity

According to the website, ModSecurity makes full HTTP transaction logging possible, allowing complete requests and responses to be logged. "Its logging facilities also allow fine-grained decisions to be made about exactly what is logged and when, ensuring that only the relevant data is recorded," the site says.

ThreadFix

ThreadFix aggregates vulnerability test results from disparate static and dynamic scanning tools as well as the results of manual penetration testing, code review and threat modeling to create a single comprehensive view of the security status of all applications within an organization.

The reporting, prioritization and remediation of an organization's application security vulnerabilities are centralized in a single tool, significantly easing communications between the application development and security teams.

It was developed and is maintained by Denim Group.

Burp Suite

Burp Suite is a Web app security testing platform. Its various tools support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Tools within the suite include a proxy server, web spider, intruder and a so-called repeater, with which requests can be automated.

Stormpath

Stormpath provides developers with Identity and Access Management tools to bolster security in any application. There is a free developer's version, as well as these paid versions: pro, premium and enterprise.

The tools do the following:

-- Hosts and deploys user directories in the cloud

-- Authenticates users and secures their passwords with one click

-- Manages hierarchies and RBAC with a drag-and-drop interface or API

-- Drops in code for user workflows like password reset, account verification and locking

-- Handles all the user security maintenance, so the user is ahead of attackers

Metasploit

HD Moore created the Metasploit Project in 2003 to provide the security community with a public resource for exploit development. This project resulted in the Metasploit Framework, an open source platform for writing security tools and exploits.

In 2009, Rapid7, a vulnerability management solution company, acquired the Metasploit Project. Prior to the acquisition, all development of the framework occurred in the developers' spare time, eating up most weekends and nights. Rapid7 agreed to fund a full-time development team and keep the source code under the three-clause BSD license that is still in use today.